Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2022-22963 | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | secondary_impact | T1505.003 | Web Shell | See Comments |
CVE-2022-22963 | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | primary_impact | T1059.007 | JavaScript | See Comments |
CVE-2022-22963 | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | See Comments |

Comments (the same text is attached to all three mappings)
In certain versions of Spring Cloud Function, a vulnerability allows remote code execution through a specially crafted Spring Expression Language (SpEL) routing expression. This vulnerability, known as "Spring4Shell," can be exploited by sending crafted queries to a server running the Spring Core framework. Hackers are actively exploiting this flaw to execute malicious Java code on vulnerable servers. Initial exploit attempts were observed targeting a honeypot on port 9001. The exploit modifies logging configurations to create a webshell by writing code to a log file, which is then executed via a browser. Although there is scanning activity for vulnerable hosts, the exploitation is less widespread compared to Log4Shell, as it requires specific conditions beyond just using the framework.